Closed Bug 799342 Opened 12 years ago Closed 11 years ago

Bugs with crashes in memory deallocation code from crash-stats should be marked sec-critical/security-group by default

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: briansmith, Unassigned)

Details

+++ This bug was initially created as a clone of Bug #786836 +++

These are almost always double-frees or other exploitable errors.

We should find some way to hide them from public crash-stats by default as well.

Although I suggest we initially do this for memory deallocation bugs, I think crashes in NSS an certain other core modules are also potentially good candidates for the same treatment.
i had a quick chat with bsmith on irc to get some more information about this request.

we'll need to use the existence of keywords in the crash-signature field as a trigger for automatically securing a bug at creation time.


once the list of appropriate keywords has been provided, implementation should be trivial.
Component: Administration → General
Flags: needinfo?
no movement on this bug for a while, closing.

feel free to reopen if you can provide an appropriate list of crash-sig keywords that would trigger securing a bug.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Flags: needinfo?
You need to log in before you can comment on or make changes to this bug.